Dear Sirs,
for quite a while I cannot sucessfully invoke "Download Profile ..." anymore inside my XCode macOS project in the Signing section. Nevertheless I can create the profile manually in my developer account and download the provisioning profile to my machine and then invoke "Import Profile ...". That works correct. But also the Identifier is not added anymore automatically to my developer account when I create a new project in XCode. Both things worked correct at the beginning but it could be it got broken after some OS or XCode update. I tried to find logs showing the communication between XCode and my developer account as I think there could be some mismatch somewhere but so far I didn't find anything useful. Although I can do all the things manually it would be nice to have it working again and any hint would be appreciated.
Thanks and best regards,
Johannes
Provisioning Profiles
RSS for tagA provisioning profile is a type of system profile used to launch one or more apps on devices and use certain services.
Posts under Provisioning Profiles tag
111 Posts
Sort by:
Post
Replies
Boosts
Views
Activity
We are launching a commandline golang binary as daemon. However, SecKeyCreateRandomKey does not return in macos Sonoma.
We tried to attach entitlement to the daemon, but it's still not working. The same commandline golang binary works when we launch it as a user process.
We would like to get your support to fix this issue.
Hi again still going round in circles here trying to get id certs for ios project. I am working on widows platform and cant get Xcode to download from Apple store.
Our provisioning profile expired yesterday.
I've created a new distribution profile.
And download and installed the certifcate on the MAC
I also downloaded and installed the provisioning profile and verified it with:
/usr/bin/security cms -D -i <id>.mobileprovision
When I run my build script, it fails on this step:
Could not find any available provisioning profiles for ..
I had dealt with this in cmake, and then forgotten about it -- now trying my Xcode-only test project, and it won't work, because the profile has -systemextension as a suffix, while the one Xcode generates doesn't.
Am I missing something in how to get Xcode to deal with this?
As I mentioned elsewhere, I am trying to add a packet filter to our app. I can load load the extension, but I am getting permission denied when I try to save the preferences with it.
I am building for release, using a Developer ID Application certificate (macOS, if that wasn't clear).
I am starting to worry that I can't do this except on an MDM-managed system.
I posted this before and thought I had fixed it, but I did not. I have an app which used to work well but now fails to launch the destination Mac (Designed for iPad). It builds fine, but doesn't launch. It does launch as aa Mac Catalyst app and if I modify the bundle id slightly, it launches as a Mac (Designed for iPad) app. I have a very similar, and I mean very similar, project that does not have this problem. I have automatically managing signing checked. would like and appreciate any help you can give me that would help me to solve this problem. I had a feedback on this, but closed it when I thought I had fixed the problem by changing the bundle id, running and then changing the bundle id back. I get the following error information.
Could not launch “App Name”
Domain: IDELaunchErrorDomain
Code: 20
Recovery Suggestion: Runningboard has returned error 5. Please check the system logs for the underlying cause of the error.
User Info: {
DVTErrorCreationDateKey = "2023-09-27 03:23:51 +0000";
DVTRadarComponentKey = 968756;
IDERunOperationFailingWorker = IDELaunchServicesLauncher;
}
The operation couldn’t be completed. Launch failed.
Domain: RBSRequestErrorDomain
Code: 5
Failure Reason: Launch failed.
Launchd job spawn failed
Domain: NSPOSIXErrorDomain
Code: 153
If I turn on (my company supplied VPN access) and then attempt to build with Xcode then that has the consequence that all the dev/distribution certificates in the keychain turn red and say "certificate is not trusted".
Turning off VPN doesn't reset them back and of course re-attempting to build will fail.
However if I reboot my MacBook, then the keychain is back in a good state again.
However as I work remotely I constantly have to flick VPN on and off throughout the day, and having to reboot endlessly is a pain.
Is there something I can do to reset the Keychain's certs to a good state without having to reboot? (and without having to delete them all and re-add them all back to the keychain).
Failed to build iOS app
Error (Xcode): No profiles for 'com.jurabek7788.sos' were found: Xcode couldn't find any iOS App Development provisioning profiles matching
'com.jurabek7788.sos'. Automatic signing is disabled and unable to generate a profile. To enable automatic signing, pass -allowProvisioningUpdates to
xcodebuild.
/Users/user/Desktop/SOS%20flutter%20/set_of_service_app/ios/Runner.xcodeproj
It appears that there was a problem signing your application prior to installation on the device.
Verify that the Bundle Identifier in your project is your signing id in Xcode
open ios/Runner.xcworkspace
Also try selecting 'Product > Build' to fix the problem.
Encountered error while building for device.
this is my error coming when i build ios app. And main problem is already did all the things
Hi,
I was about to delete the expired provisioning profiles, meaning the ones where it said "Expired" in the last column. Now I see there are some more where the expiration date is clearly in the past, but they don't show as expired. Any idea why that is?
Kind regards
Thomas
I understand from the Xcode release notes that it is now possible to submit visionOS apps to TestFlight.
I'm getting the error "Asset validation failed" "Invalid Provisioning Profile. This provisioning profile is not compatible with visionOS apps". when uploading to TestFlight.
I use an Xcode managed profile, and am using the same bundle id as for the iOS and Mac versions of the app. In the "Certificates, Identifiers &amp; Profiles" -&gt; "Edit your App ID Configuration" it lists "iOS, iPadOS, macOS, tvOS, watchOS, visionOS" under "Platform".
Is there some guidance on submitting visionOS apps to TestFlight? Any ideas on how to regenerate the profile to include visionOS apps?
Thanks,
Damian
To be able to paire a matter device on ios I need to installed on my iPhone the matter client developper profile as indicate on the apple documentation
Adding Matter support to your ecosystem | Apple Developer Documentation
(To test your app on the iOS or macOS device that initiates the pairing, download the developer profile now, then install it.)
When I do that it works perfectly.
Otherwise the documentation says that the profile is only needed for development but when I want to use my app from the apple store (validate by Apple) and when I remove the profile it doesn't work anymore.
What do I have to do to paire Matter device on iphone without the Matter client developer profile.
I regularly come across Mac developers who have an app in the Mac App Store but are unable to submit it to TestFlight. This post explains a common cause of that problem.
If you have any questions or comments about this, start a new thread and tag it with Provisioning Profiles and TestFlight so that I see it.
Share and Enjoy
—
Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"
TestFlight, Provisioning Profiles, and the Mac App Store
A provisioning profile authorises a device to run your app. For historical reasons, not all Mac apps need a provisioning profile. A Mac app only needs a profile if it uses a restricted entitlement, that is, an entitlement that must be authorised by a profile. For more background on this, see TN3125 Inside Code Signing: Provisioning Profiles and, specifically, its Entitlements on macOS section.
IMPORTANT Your Mac App Store apps must be signed with the App Sandbox Entitlement, but that entitlement is unrestricted.
This means that many Mac App Store apps ship without a provisioning profile, and that’s absolutely fine. However, these apps run into problems with TestFlight. To submit an app to TestFlight, it must have a provisioning profile.
If you attempt to submit an app without a profile to TestFlight, it’ll fail with an error like this:
ITMS-90889: Cannot be used with TestFlight because the bundle at 'MyApp.app' is missing a provisioning profile. Main bundles are expected to have provisioning profiles in order to be eligible for TestFlight.
The fix is to give your app a profile. How you do this depends on how you build your app.
Fix an app built with Xcode
If you build your app with Xcode, the fix is relatively straightforward: Sign your app with a restricted entitlement. This causes Xcode’s code signing machinery to kick in. If you have automatic code signing enable, Xcode will sort this all out for you. If you use manual signing, Xcode will highlight the problems you need to solve.
A good restricted entitlement to use is the Keychain Access Groups Entitlement. Enable this by adding Keychain Sharing to the Signing & Capabilities editor for your app. You have two options here:
Leave the Keychain Groups list empty. This will fix this problem while having no effect on any keychain code in your app.
Use this as an opportunity to switch to the data protection keychain. In this case you might want to add one or more keychain access groups.
For an explanation as to why you might want to switch to using the data protection keychain, see TN3137 On Mac keychain APIs and implementations. For more information about keychain access groups, see Sharing Access to Keychain Items Among a Collection of Apps
Fix an app built outside of Xcode
If you don’t use Xcode to build your app:
Use Developer > Account > Identifiers to create an App ID for your app. Remember that your App ID is the combination of an App ID prefix and your app’s bundle ID. For new App IDs, use your Team ID as the App ID prefix.
Use Developer > Account > Profiles to create a macOS App Development provisioning profile for that App ID.
Use Developer > Account > Profiles to create a Mac App Store distribution provisioning profile for that App ID.
Update your build system to embed a provisioning profile into your app. Use the profile from step 2 for development-signed builds and the one from step 3 for distribution-signed builds. For information about where to place the profile, see Placing Content in a Bundle.
Add the following to your .entitlements:
A com.apple.application-identifier property whose value is your App ID
A com.apple.developer.team-identifier property whose value is your Team ID
Build your app and check your work by dumping the entitlements claimed by your app and the entitlements authorised by your provisioning profile. For the specific commands to use, see TN3125 Inside Code Signing: Provisioning Profiles.
WARNING In step 1, if your team has any unique App ID prefixes registered, the Developer website might default to using one of those legacy values rather than your Team ID (r. 70571514). If the App ID Prefix value is a popup, select your Team ID from the list. If the App ID value is a read-only copy of your Team ID, your team has no unique App ID prefixes, and so the Developer website always uses your Team ID as the App ID prefix.
IMPORTANT In step 5, make sure that your .entitlements file is only applied to the app itself, not to any nested code. For more on this, see the Entitlements and Nested Code section below.
Historically you might have been able to get away with using single .entitlements file for all your code. Once you start adding restricted entitlements, like com.apple.application-identifier, this bad practice will cause problems.
For general information about how to sign and package apps outside of Xcode, see Creating Distribution-Signed Code for Mac and Packaging Mac Software for Distribution.
Entitlements and Nested Code
An App Store app might contain the following code;
The app itself
Nested libraries, like a framework or a dynamic library
Nested executables, like a helper tool or an app extension
Step 5 in the previous section specifically refers to the entitlements of the main app. When it comes to nested code, the first case is easy: Never add entitlements to nested libraries. It doesn’t do anything useful and can prevent your code from running.
The story with nested executables is more nuanced. To start, every nested executable must be signed with at least one entitlement because:
All App Store executables must be sandboxed.
You enable the App Sandbox with the com.apple.security.app-sandbox entitlement.
In many cases a nested executable only needs unrestricted entitlements, like com.apple.security.app-sandbox and com.apple.security.inherit. In that case the nested code doesn’t need a provisioning profile.
If a nested executable uses restricted entitlements, it needs a provisioning profile to authorise the use of those entitlements, and its own unique App ID to tie the executable to the profile. Place this profile in the nested executable’s bundle, according to the rules in Placing Content in a Bundle.
IMPORTANT The nested code can’t ‘piggyback’ off the app’s provisioning profile. It needs its own profile with its own unique App ID.
Revision History
2023-08-17 Added the Entitlements and Nested Code section. Made other minor editorial changes.
2023-07-17 First posted.
According to the WWDC202310224 "Simplify distribution in Xcode and Xcode Cloud" video, there are two questions about my development process.
First, the developer must use "Development Profile" to config Signing & Capability instead of "Developer ID Application profile" for building Applications?
shown as the pictures below
Second, after build application successfully with "Development Profile", process Product -> archive will fail with "Command SetOwnerAndGroup failed with a nonzero exit code"
error message, I have no idea how to solve this problem.
Cloud you please tell me how to successfully archive the DriverKit application step by step and further directly distribute Application ?
Thanks for your helpful support.
After updating the os to iOS17 beta, not able to install the enterprise app through ipa, it throws error
Error installing '//Downloads/-Internal-Appstore-23.6.5-1.ipa', ERROR: Error Domain=com.apple.dt.CoreDeviceError Code=3002 "Failed to install the app on the device." UserInfo={NSUnderlyingError=0x600019bcc750 {Error Domain=com.apple.dt.CoreDeviceError Code=3000 "The item at -Internal-Appstore-23.6.5-1.ipa is not a valid bundle." UserInfo={NSURL=file:////Downloads/-Internal-Appstore-23.6.5-1.ipa, NSLocalizedDescription=The item at -Internal-Appstore-23.6.5-1.ipa is not a valid bundle., NSLocalizedFailureReason=Failed to read the bundle.}}, NSLocalizedDescription=Failed to install the app on the device., NSURL=file:///Downloads/-Internal-Appstore-23.6.5-1.ipa}
Kindly update on this. Do any code side changes have to be done for this to fix these issue?
Hi all,
I got the entiltlements for the DriverKit PCI (primary match). so I added it to my driver app ID.
so, I can show the ~~transport.pci entitlement item on my provision profile.
However, macOS system still block the my driver, and log show the " Unsatisfied entitlements: com.apple.developer.driverkit.transport.pci"
Hi there,
Currently having some issues debugging on a physical device. I am running a flutter app, and have a provisioning profile provided by our client company that is not expired and has worked up until recently just fine with physical devices. Running the app on a simulator works okay as well. However, all of the sudden the app will not run on a physical device. The build succeeds fine, but then I receive the error "Unable to install runner: A valid provisioning profile for this executable was not found".
I have opened devices and simulators and tried to install the provisioning profile on the device, but get the error "Failed to install one or more provisioning profiles on the device: Please ensure the provisioning profile is configured for this device. If not, please try to generate a new profile." I don't know why this error appears, because I have used this exact profile on this device many times before.
I'm hesitant to contact the client to receive a new provisioning profile because it is not easy to do, and again this one has worked fine until now. Does anyone have any ideas? Thanks!
The documentation for CarPlay (https://developer.apple.com/documentation/carplay/requesting_carplay_entitlements) tells you to disable automatic signing in the section titled "Import the CarPlay Provisioning Profile":
Click All in the scope bar, and then deselect “Automatically manage signing”.
There have also been other posts in the past about the inability to use automatic signing with CarPlay: https://developer.apple.com/forums/thread/63468
However in a recent post of mine (https://developer.apple.com/forums/thread/717429?login=true&page=1#732392022) I was instructed how to set it up so that I could use automatic signing for the new user-assigned-device-name entitlement and it worked so I thought "Can I do the same thing for CarPlay?" and it seems to be working so far.
Is automatic signing with CarPlay now possible? We have been able to use automatic signing to archive successfully and run to real devices and verify that CarPlay is working. I'm crossing my fingers that we'll be able to submit and get the build approved and never have to touch manual signing again.
Hopefully it works and the documentation is just out of date.
Is there a way to get the new com.apple.developer.device-information.user-assigned-device-name entitlement to work with automatically managed signing, or is it required to change to manual signing to use this entitlement?
Someone else had the same problem as me in this reply on another post: https://developer.apple.com/forums/thread/708275?answerId=730156022#730156022 but it was suggested they start a new thread but I don't think they started such a thread so I am.
I was hoping, perhaps naively, that after getting approval for the entitlement and adding it to our entitlements file that it would "just work" but i'm getting the error:
Provisioning profile "iOS Team Provisioning Profile: [redacted bundle id]" doesn't include the com.apple.developer.device-information.user-assigned-device-name entitlement.
Really hoping to avoid having to manually manage signing or at least know for sure that it is unavoidable before I move to it.
Hi, I'm trying to integrate with Tap to Pay feature under Stripe. For this reason i need to add com.apple.developer.proximity-reader.payment.acceptance entitlement to my Identifier. I can see it under Provisioning Profile -> Enabled Capabilities.
But after downloading this profile in Xcode I don't see this entitlement.
What could be the reason for this discrapency?